In article <MPG.21b8d91a6cd98b449896a1@msnews.microsoft.com >,
me@privacy.net says...
> That could well be the case. You should not just go tinkering with
> TrustedInstaller,
More about TrustedInstaller, a "cut&paste" from another newsgroup:
From this link below: I am posting a couple of paragraphs that talk
about Trusted Installer:
http://www.microsoft.com/technet/tec.../ACL/default.aspx
Trusted Installer
The Trusted Installer is actually a service, not a user, even though you
see permissions granted to it all over the file system. Service
hardening allows each service to be treated as a full-
fledged security principal that can be assigned permissions just like
any other user. For an overview of this feature, see the January 2007
issue of TechNet Magazine. The book Windows Vista Security (Grimes and
Johansson, Wiley Press, 2007) explores service hardening in detail,
including how it is leveraged by other features, such as the firewall
and IPsec.
Trusted Installer
In Windows Vista, most of the OS files are owned by the TrustedInstaller
SID, and only that SID has full control over them. This is part of the
system integrity work that went into Windows Vista, and is meant
specifically to prevent a process that is running as an administrator or
Local System from automatically replacing the files. In order to delete
an operating system file, you thus need to take ownership of the file
and then add an ACE on it that lets you delete it. This provides a thin
layer of protection against a process that is running as LocalSystem and
has a System integrity label; a process that has lower integrity is not
supposed to be able to elevate itself to change ownership. Some
services, for instance, can run with medium integrity, even though they
are running as Local System. Such services cannot replace system files,
so an exploit that takes over one of them can't replace operating system
files, making it a bit harder to install a rootkit or other malware on
the system. It also becomes more difficult for system administrators who
are offended by the mere presence of some system binary to remove that
binary.
--
Kind regards,
Mark Veldhuis.
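As an added example (not from the post or the TechNet article), a PowerShell check that lists system binaries whose owner is no longer NT SERVICE\TrustedInstaller, or on which some other identity holds write or delete rights; taking ownership and adding such an ACE is exactly the step the article says must precede replacing an OS file, so drift from the default is worth a look. The default path and file filters are assumptions, and third-party components legitimately differ, so treat hits as triage input rather than a verdict.

```powershell
# Added example, not part of the original post or the TechNet article.
# Reports files whose owner is not TrustedInstaller, or where an identity
# other than TrustedInstaller is allowed rights that permit replacing or
# deleting the file. Path and filters are assumed defaults.
param(
    [string]$Path = "$env:SystemRoot\System32",
    [string[]]$Filter = @('*.exe', '*.dll', '*.sys')
)

$trusted = 'NT SERVICE\TrustedInstaller'

# Rights that allow a principal to overwrite or remove the file.
$writeRights = [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::Delete

Get-ChildItem -Path $Path -Include $Filter -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }

        $findings = @()

        # Ownership moved away from TrustedInstaller is the first sign
        # that someone prepared the file for replacement.
        if ($acl.Owner -ne $trusted) {
            $findings += "owner is '$($acl.Owner)'"
        }

        # Any Allow ACE granting write/delete rights to another identity.
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $id -ne $trusted -and
                ($ace.FileSystemRights -band $writeRights)) {
                $findings += "$id has $($ace.FileSystemRights)"
            }
        }

        if ($findings) {
            [pscustomobject]@{
                File     = $_.FullName
                Findings = $findings -join '; '
            }
        }
    }
```

Run it from an elevated prompt so Get-Acl can read every file; pipe the output to Export-Csv if you want a baseline to diff against later.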